Even though I have OpenBSD installed on at least half a dozen machines at any given time, so far I have infrequently used siteXX.tgz and install.site due to the heterogeneous nature of my hardware and use of machines. However, I got permission to install OpenBSD on 30 desktops at the place of my employment. The hardware is almost identical (i-386) but not really suitable for dump and restore installation. I am looking to do a minimal-intervention installation on these machines.

Can people kindly share the typical content of their siteXX.tgz files and, even more importantly, their install.site scripts? I would like to "automatically" replace all files in /etc/ /var with the edited ones, as well as to run the script which will automatically add packages from the local repository as well as dot files.

I am in the process of documenting my install.site/siteXXX.tgz framework. See my PM to you.

Thanks a million!!! I am not in a big hurry so I could wait a bit before writing my own (which is going to look fairly complicated). I have seen your posts before. Besides the things you are outlining in those posts, I really need to have install.site perform a couple of additional things.

1. Appending and replacing a bunch of files at /etc/ as pf.conf, rc.conf.local, group, dhcpd.conf, sudoers, resolv.conf, sysctl.conf, printcap as well as foomatic directory populated by PPDs for printers.

2. I also need to upload scanner firmware into
/usr/local/share/sane/snapscan

3. The permissions for printers, scanners and USBs have to be adjusted so that users can use them

4. Packages should install and configure automatically.

5. dotfiles should install automatically per user.

What I am really after is a standard security-hardened desktop which can be installed with minimal human intervention in 20-30 minutes.

Quote:

1. Appending and replacing a bunch of files at /etc/ as pf.conf, rc.conf.local, group, dhcpd.conf, sudoers, resolv.conf, sysctl.conf, printcap as well as foomatic directory populated by PPDs for printers.

Appending to existing files is a typical task for the 'install.site' script. You can also patch files within 'install.site', as this example dating back to 2007 shows:

The "-C FILES" option ensures that the files in the tarball have a suitable path to overwrite the existing files.
Normally it will also add an 'install.site' script. Because in this case it did not exist, a warning is issued.

Quote:

2. I also need to upload scanner firmware into
/usr/local/share/sane/snapscan

Put the firmware file in the corresponding shadow file directory to be tarred up with all other files.

Besides the 'siteXX.tgz' file, the OpenBSD installer also automagically untars a file called 'siteXX-HOSTNAME.tgz' for host/box specific files.

A sibling directory of the above-mentioned directory FILES is FILES.plato.

The Makefile uses sed(1) to replace the placeholders =pkg_path= and =packages= with the real values.
These values are defined as Makefile variables, initialized with the contents of files. The 'patched' result is then appended to 'install.site'.

BTW I only install simple packages with not too many dependencies in the install.site.
No gnome, kde or even firefox. I do that when the system is being rebooted for the first time. Remember that during install time you have a rather limited environment.

Quote:

5. dotfiles should install automatically per user.

If the box or host 'plato' only has a single user, copy the .dotfile into the FILES.plato /etc/skel for inclusion in site49-plato.tgz.

Or use a simple shell snippet like '_exrc.root' for 'install.site':

Code:

#----------------------------------------
FILE=/root/.exrc
#FILE=$( basename ${FILE} )
echo Creating ${FILE}
cat <<END > ${FILE}
set showmode
set verbose
set ruler
set number
set autoindent
set prompt
set showmatch
set shiftwidth=4
set windowname
END

The install.site script is the result of throwing together a bunch of small tiny shell scripts: